Installing the CSC SSM 6.1.1587.0 Patch

Install this patch only if you are running CSC SSM version 6.1.1569.0, version 6.1.1569.1, or version 6.1.1569.2. This upgrade applies only to the platform and versions previously listed. Existing user configuration and licenses will be preserved during the upgrade process. After the upgrade, the CSC version changes to 6.1.1587.0. All previous patch records are removed, because they are included in this upgrade.

Step 1 Download the csc-p-6.1.1587.0.pkg file from the Software Center on Cisco.com. You need to log into Cisco.com to download the software. If you do not have a Cisco.com account, visit the following website to become a registered user:

Step 3 In the command line field, enter the show module 1 details command, and then click Send.

The CSC SSM software version information appears.

hostname(config)# show module 1 details

Getting details from the Service Module, please wait...

ASA 5500 Series Security Services Module-20

Model: ASA-SSM-20

Hardware version: 1.0

Serial Number: 0

Firmware version: 1.0(10)0

Software version: CSC SSM 6.1.1587.0

MAC Address Range: 000b.fcf8.012c to 000b.fcf8.012c

App. name: CSC SSM

App. Status: Up

App. Status Desc: CSC SSM scan services are available

App. version: 6.1.1587.0

Data plane Status: Up

Status: Up

HTTP Service: Up

Mail Service: Up

FTP Service: Up

Activated: Yes

Mgmt IP addr: 10.89.130.241

Mgmt web port: 8443

Peer IP addr: <not enabled>

Caveats

This section describes the open and resolved caveats for the CSC SSM 6.1.1587.0 release. To view more information about an open or resolved caveat, use the Bug Toolkit on Cisco.com. If you are a registered Cisco.com user, access the Bug Toolkit on cisco.com at the following website:

For your convenience in locating caveats in the Cisco Bug Toolkit, the caveat titles listed in this section are taken directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences, because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:

Trend URL filtering service does not currently support SOCKS-based proxy service.

CSCsg76794/CSC-SSM6.0-01342

Last 30-day counter is not updating correctly.

CSCsg82181, CSCsh27090/CSC-SSM6.0-01347

The flash image on www.cisco.com Home page sometimes cannot be loaded. (HTTP) Firefox 2.0 with faster plug-in has issue opening www.cisco.com. These are duplicate defects.

CSCsh15518/CSC-SSM6.0-01374

Upgrading CSC module may result in inability to activate module.

CSCsh23475/CSC-SSM6.0-01365

CSC module - URL blocking not functional for keywords.

CSCsh27011/CSC-SSM6.0-01340

HP-UX FTP issues occur when in passive mode.

CSCsh27093/CSC-SSM6.0-01350

(HTTP) URL filtering requests sent with incorrect format.

CSCsh27102/CSC-SSM6.0-01353

Vulnerability for SSL.

CSCsh39788/CSC-SSM6.0-01376

After upgrading CSC using a patch, URL filtering does not function.

CSCsh53472/CSC-SSM6.0-01377

CSC module delays HTTP and FTP traffic.

CSCsh58901/CSC-SSM6.0-01357

CSC Plus license expiration does not disable URL blocking in ASDM.

CSCsh58934/CSC-SSM6.0-01363

SSM card becomes unresponsive after configuring via the ASDM.

CSCsh70101/CSC-SSM6.0-01390

No error message for invalid URL blocking import file.

CSCsh80376/CSC-SSM6.0-01359

Incorrect error message when URL rating lookup times out.

CSCsh97282/CSC-SSM6.0-01406

CSC GUI admin port cannot be changed.

CSCsi05156/CSC-SSM6.0-01404

CSC module increasingly delays TCP retransmissions.

CSCsi27604/CSC-SSM6.0-01437

Sometimes when sending e-mails with attachments through the CSC, the body may be corrupted.

CSCsi40117/CSC-SSM6.0-01436

100% CPU usage.

CSCsi43395/CSC-SSM6.0-01397

Do not send disconnect-syslog when HTTP receives RST.

Resolved Caveats

Table 2 lists the caveats that have been resolved in Version CSC 6.1.1587.0.

Table 2 Closed Caveats

Cisco ID Number/
Trend Micro ID Number

Caveat Title

CSCsg32958/CSC-SSM6.0-01316

SMTP/TLS can tunnel through CSC SSM starting with release 6.1.1569.0, but is not user-configurable.

CSCsg82152/CSC-SSM6.0-01348

CSC jumps to 100% CPU usage, but new connections can be established and traffic scanned.

CSCsh27010/CSC-SSM6.0-01337

POP3 never worked.

CSCsh31484/CSC-SSM6.0-01379

Enabling email disclaimer insertion requires a valid Plus license.

CSCsh58836/CSC-SSM6.0-01356

Unable to push pattern updates from Japanese TMCM console.

Note This issue does not affect the English TMCM console.

CSCsh58911/N/A

CSC-SSM module CPU pegged at 100% usage.

CSCsh73881/CSC-SSM6.0-01359

CSC SSM CPU usage at 100% when running 6.1.1569.1 image.

CSCsh74915/CSC-SSM6.0-01391

CSC GUI does not redirect to Login page after a session timeout.

CSCsh90870/CSC-SSM6.0-01369

Large POP3 e-mail downloads time out.

CSCsi06520/CSC-SSM6.0-01405

FTP/TLS fails to negotiate through CSC and causes client to abort.

CSCsi07133/CSC-SSM6.0-01396

TFTP client on CSC cannot transfer large files.

CSCsi18226/CSC-SSM6.0-01409

CSC GUI displays the following message even if failover is correctly configured: "InterScan for CSC SSM could not establish a connection because the failover peer is incorrectly configured to accept data from this host. Please verify failover settings on the peer, then try again."

CSCsi32093/CSC-SSM6.0-01411

CSC SMTP/POP3 scanner may block e-mails with more than 100 recipients.

CSCsi40116/CSC-SSM6.0-01435

CSC HTTP scanner may have issues with a few websites (e.g., OCLC) or cause 100% CPU busy.

CSCsi43391/CSC-SSM6.0-01385

CSC control channel may time out under a heavy load and cause CSC to be taken offline or cause ASA failover.

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

Caveats

This section describes the open and resolved caveats for the CSC SSM 6.1.1587.0 release. To view more information about an open or resolved caveat, use the Bug Toolkit on Cisco.com. If you are a registered Cisco.com user, access the Bug Toolkit on cisco.com at the following website:

For your convenience in locating caveats in the Cisco Bug Toolkit, the caveat titles listed in this section are taken directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences, because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows: